[CRITICAL] Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`

PKSA-xtm2-wjhy-b81b CVE-2018-7269 GHSA-hhg2-g6h6-c266

Affected package: yiisoft/yii2-dev

Affected version: <2.0.12.1|>=2.0.13,<2.0.13.2|>=2.0.14,<2.0.15

Reported by:
GitHub, FriendsOfPHP/security-advisories